mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-11-01 10:33:27 +00:00
fb786100f7
The patch fix the crash repoted below [ 15.149907] BUG: unable to handle kernel NULL pointer dereference at 00000001 [ 15.150806] IP: [<c140b886>] p9_virtio_close+0x18/0x24 ..... .... [ 15.150806] Call Trace: [ 15.150806] [<c1408e78>] ? p9_client_destroy+0x3f/0x163 [ 15.150806] [<c1409342>] ? p9_client_create+0x25f/0x270 [ 15.150806] [<c1063b72>] ? trace_hardirqs_on+0xb/0xd [ 15.150806] [<c11ed4e8>] ? match_token+0x64/0x164 [ 15.150806] [<c1175e8d>] ? v9fs_session_init+0x2f1/0x3c8 [ 15.150806] [<c109cfc9>] ? kmem_cache_alloc+0x98/0xb8 [ 15.150806] [<c1063b72>] ? trace_hardirqs_on+0xb/0xd [ 15.150806] [<c1173dd1>] ? v9fs_get_sb+0x47/0x1e8 [ 15.150806] [<c1173dea>] ? v9fs_get_sb+0x60/0x1e8 [ 15.150806] [<c10a2e77>] ? vfs_kern_mount+0x81/0x11a [ 15.150806] [<c10a2f55>] ? do_kern_mount+0x33/0xbe [ 15.150806] [<c10b40b9>] ? do_mount+0x654/0x6b3 [ 15.150806] [<c1038949>] ? do_page_fault+0x0/0x284 [ 15.150806] [<c10b28ec>] ? copy_mount_options+0x73/0xd2 [ 15.150806] [<c10b4179>] ? sys_mount+0x61/0x94 [ 15.150806] [<c14284e9>] ? syscall_call+0x7/0xb .... [ 15.203562] ---[ end trace 1dd159357709eb4b ]--- [ Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
388 lines
9.7 KiB
C
388 lines
9.7 KiB
C
/*
|
|
* The Virtio 9p transport driver
|
|
*
|
|
* This is a block based transport driver based on the lguest block driver
|
|
* code.
|
|
*
|
|
* Copyright (C) 2007, 2008 Eric Van Hensbergen, IBM Corporation
|
|
*
|
|
* Based on virtio console driver
|
|
* Copyright (C) 2006, 2007 Rusty Russell, IBM Corporation
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to:
|
|
* Free Software Foundation
|
|
* 51 Franklin Street, Fifth Floor
|
|
* Boston, MA 02111-1301 USA
|
|
*
|
|
*/
|
|
|
|
#include <linux/in.h>
|
|
#include <linux/module.h>
|
|
#include <linux/net.h>
|
|
#include <linux/ipv6.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/un.h>
|
|
#include <linux/uaccess.h>
|
|
#include <linux/inet.h>
|
|
#include <linux/idr.h>
|
|
#include <linux/file.h>
|
|
#include <net/9p/9p.h>
|
|
#include <linux/parser.h>
|
|
#include <net/9p/client.h>
|
|
#include <net/9p/transport.h>
|
|
#include <linux/scatterlist.h>
|
|
#include <linux/virtio.h>
|
|
#include <linux/virtio_9p.h>
|
|
|
|
#define VIRTQUEUE_NUM 128
|
|
|
|
/* a single mutex to manage channel initialization and attachment */
|
|
static DEFINE_MUTEX(virtio_9p_lock);
|
|
/* global which tracks highest initialized channel */
|
|
static int chan_index;
|
|
|
|
/**
|
|
* struct virtio_chan - per-instance transport information
|
|
* @initialized: whether the channel is initialized
|
|
* @inuse: whether the channel is in use
|
|
* @lock: protects multiple elements within this structure
|
|
* @client: client instance
|
|
* @vdev: virtio dev associated with this channel
|
|
* @vq: virtio queue associated with this channel
|
|
* @sg: scatter gather list which is used to pack a request (protected?)
|
|
*
|
|
* We keep all per-channel information in a structure.
|
|
* This structure is allocated within the devices dev->mem space.
|
|
* A pointer to the structure will get put in the transport private.
|
|
*
|
|
*/
|
|
|
|
static struct virtio_chan {
|
|
bool initialized;
|
|
bool inuse;
|
|
|
|
spinlock_t lock;
|
|
|
|
struct p9_client *client;
|
|
struct virtio_device *vdev;
|
|
struct virtqueue *vq;
|
|
|
|
/* Scatterlist: can be too big for stack. */
|
|
struct scatterlist sg[VIRTQUEUE_NUM];
|
|
} channels[MAX_9P_CHAN];
|
|
|
|
/* How many bytes left in this page. */
|
|
static unsigned int rest_of_page(void *data)
|
|
{
|
|
return PAGE_SIZE - ((unsigned long)data % PAGE_SIZE);
|
|
}
|
|
|
|
/**
|
|
* p9_virtio_close - reclaim resources of a channel
|
|
* @client: client instance
|
|
*
|
|
* This reclaims a channel by freeing its resources and
|
|
* reseting its inuse flag.
|
|
*
|
|
*/
|
|
|
|
static void p9_virtio_close(struct p9_client *client)
|
|
{
|
|
struct virtio_chan *chan = client->trans;
|
|
|
|
mutex_lock(&virtio_9p_lock);
|
|
if (chan)
|
|
chan->inuse = false;
|
|
mutex_unlock(&virtio_9p_lock);
|
|
}
|
|
|
|
/**
|
|
* req_done - callback which signals activity from the server
|
|
* @vq: virtio queue activity was received on
|
|
*
|
|
* This notifies us that the server has triggered some activity
|
|
* on the virtio channel - most likely a response to request we
|
|
* sent. Figure out which requests now have responses and wake up
|
|
* those threads.
|
|
*
|
|
* Bugs: could do with some additional sanity checking, but appears to work.
|
|
*
|
|
*/
|
|
|
|
static void req_done(struct virtqueue *vq)
|
|
{
|
|
struct virtio_chan *chan = vq->vdev->priv;
|
|
struct p9_fcall *rc;
|
|
unsigned int len;
|
|
struct p9_req_t *req;
|
|
|
|
P9_DPRINTK(P9_DEBUG_TRANS, ": request done\n");
|
|
|
|
while ((rc = chan->vq->vq_ops->get_buf(chan->vq, &len)) != NULL) {
|
|
P9_DPRINTK(P9_DEBUG_TRANS, ": rc %p\n", rc);
|
|
P9_DPRINTK(P9_DEBUG_TRANS, ": lookup tag %d\n", rc->tag);
|
|
req = p9_tag_lookup(chan->client, rc->tag);
|
|
req->status = REQ_STATUS_RCVD;
|
|
p9_client_cb(chan->client, req);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* pack_sg_list - pack a scatter gather list from a linear buffer
|
|
* @sg: scatter/gather list to pack into
|
|
* @start: which segment of the sg_list to start at
|
|
* @limit: maximum segment to pack data to
|
|
* @data: data to pack into scatter/gather list
|
|
* @count: amount of data to pack into the scatter/gather list
|
|
*
|
|
* sg_lists have multiple segments of various sizes. This will pack
|
|
* arbitrary data into an existing scatter gather list, segmenting the
|
|
* data as necessary within constraints.
|
|
*
|
|
*/
|
|
|
|
static int
|
|
pack_sg_list(struct scatterlist *sg, int start, int limit, char *data,
|
|
int count)
|
|
{
|
|
int s;
|
|
int index = start;
|
|
|
|
while (count) {
|
|
s = rest_of_page(data);
|
|
if (s > count)
|
|
s = count;
|
|
sg_set_buf(&sg[index++], data, s);
|
|
count -= s;
|
|
data += s;
|
|
BUG_ON(index > limit);
|
|
}
|
|
|
|
return index-start;
|
|
}
|
|
|
|
/* We don't currently allow canceling of virtio requests */
|
|
static int p9_virtio_cancel(struct p9_client *client, struct p9_req_t *req)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
/**
|
|
* p9_virtio_request - issue a request
|
|
* @client: client instance issuing the request
|
|
* @req: request to be issued
|
|
*
|
|
*/
|
|
|
|
static int
|
|
p9_virtio_request(struct p9_client *client, struct p9_req_t *req)
|
|
{
|
|
int in, out;
|
|
struct virtio_chan *chan = client->trans;
|
|
char *rdata = (char *)req->rc+sizeof(struct p9_fcall);
|
|
|
|
P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request\n");
|
|
|
|
out = pack_sg_list(chan->sg, 0, VIRTQUEUE_NUM, req->tc->sdata,
|
|
req->tc->size);
|
|
in = pack_sg_list(chan->sg, out, VIRTQUEUE_NUM-out, rdata,
|
|
client->msize);
|
|
|
|
req->status = REQ_STATUS_SENT;
|
|
|
|
if (chan->vq->vq_ops->add_buf(chan->vq, chan->sg, out, in, req->tc) < 0) {
|
|
P9_DPRINTK(P9_DEBUG_TRANS,
|
|
"9p debug: virtio rpc add_buf returned failure");
|
|
return -EIO;
|
|
}
|
|
|
|
chan->vq->vq_ops->kick(chan->vq);
|
|
|
|
P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request kicked\n");
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* p9_virtio_probe - probe for existence of 9P virtio channels
|
|
* @vdev: virtio device to probe
|
|
*
|
|
* This probes for existing virtio channels. At present only
|
|
* a single channel is in use, so in the future more work may need
|
|
* to be done here.
|
|
*
|
|
*/
|
|
|
|
static int p9_virtio_probe(struct virtio_device *vdev)
|
|
{
|
|
int err;
|
|
struct virtio_chan *chan;
|
|
int index;
|
|
|
|
mutex_lock(&virtio_9p_lock);
|
|
index = chan_index++;
|
|
chan = &channels[index];
|
|
mutex_unlock(&virtio_9p_lock);
|
|
|
|
if (chan_index > MAX_9P_CHAN) {
|
|
printk(KERN_ERR "9p: virtio: Maximum channels exceeded\n");
|
|
BUG();
|
|
err = -ENOMEM;
|
|
goto fail;
|
|
}
|
|
|
|
chan->vdev = vdev;
|
|
|
|
/* We expect one virtqueue, for requests. */
|
|
chan->vq = virtio_find_single_vq(vdev, req_done, "requests");
|
|
if (IS_ERR(chan->vq)) {
|
|
err = PTR_ERR(chan->vq);
|
|
goto out_free_vq;
|
|
}
|
|
chan->vq->vdev->priv = chan;
|
|
spin_lock_init(&chan->lock);
|
|
|
|
sg_init_table(chan->sg, VIRTQUEUE_NUM);
|
|
|
|
chan->inuse = false;
|
|
chan->initialized = true;
|
|
return 0;
|
|
|
|
out_free_vq:
|
|
vdev->config->del_vqs(vdev);
|
|
fail:
|
|
mutex_lock(&virtio_9p_lock);
|
|
chan_index--;
|
|
mutex_unlock(&virtio_9p_lock);
|
|
return err;
|
|
}
|
|
|
|
|
|
/**
|
|
* p9_virtio_create - allocate a new virtio channel
|
|
* @client: client instance invoking this transport
|
|
* @devname: string identifying the channel to connect to (unused)
|
|
* @args: args passed from sys_mount() for per-transport options (unused)
|
|
*
|
|
* This sets up a transport channel for 9p communication. Right now
|
|
* we only match the first available channel, but eventually we couldlook up
|
|
* alternate channels by matching devname versus a virtio_config entry.
|
|
* We use a simple reference count mechanism to ensure that only a single
|
|
* mount has a channel open at a time.
|
|
*
|
|
* Bugs: doesn't allow identification of a specific channel
|
|
* to allocate, channels are allocated sequentially. This was
|
|
* a pragmatic decision to get things rolling, but ideally some
|
|
* way of identifying the channel to attach to would be nice
|
|
* if we are going to support multiple channels.
|
|
*
|
|
*/
|
|
|
|
static int
|
|
p9_virtio_create(struct p9_client *client, const char *devname, char *args)
|
|
{
|
|
struct virtio_chan *chan = channels;
|
|
int index = 0;
|
|
|
|
mutex_lock(&virtio_9p_lock);
|
|
while (index < MAX_9P_CHAN) {
|
|
if (chan->initialized && !chan->inuse) {
|
|
chan->inuse = true;
|
|
break;
|
|
} else {
|
|
index++;
|
|
chan = &channels[index];
|
|
}
|
|
}
|
|
mutex_unlock(&virtio_9p_lock);
|
|
|
|
if (index >= MAX_9P_CHAN) {
|
|
printk(KERN_ERR "9p: no channels available\n");
|
|
return -ENODEV;
|
|
}
|
|
|
|
client->trans = (void *)chan;
|
|
client->status = Connected;
|
|
chan->client = client;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* p9_virtio_remove - clean up resources associated with a virtio device
|
|
* @vdev: virtio device to remove
|
|
*
|
|
*/
|
|
|
|
static void p9_virtio_remove(struct virtio_device *vdev)
|
|
{
|
|
struct virtio_chan *chan = vdev->priv;
|
|
|
|
BUG_ON(chan->inuse);
|
|
|
|
if (chan->initialized) {
|
|
vdev->config->del_vqs(vdev);
|
|
chan->initialized = false;
|
|
}
|
|
}
|
|
|
|
static struct virtio_device_id id_table[] = {
|
|
{ VIRTIO_ID_9P, VIRTIO_DEV_ANY_ID },
|
|
{ 0 },
|
|
};
|
|
|
|
/* The standard "struct lguest_driver": */
|
|
static struct virtio_driver p9_virtio_drv = {
|
|
.driver.name = KBUILD_MODNAME,
|
|
.driver.owner = THIS_MODULE,
|
|
.id_table = id_table,
|
|
.probe = p9_virtio_probe,
|
|
.remove = p9_virtio_remove,
|
|
};
|
|
|
|
static struct p9_trans_module p9_virtio_trans = {
|
|
.name = "virtio",
|
|
.create = p9_virtio_create,
|
|
.close = p9_virtio_close,
|
|
.request = p9_virtio_request,
|
|
.cancel = p9_virtio_cancel,
|
|
.maxsize = PAGE_SIZE*16,
|
|
.def = 0,
|
|
.owner = THIS_MODULE,
|
|
};
|
|
|
|
/* The standard init function */
|
|
static int __init p9_virtio_init(void)
|
|
{
|
|
int count;
|
|
|
|
for (count = 0; count < MAX_9P_CHAN; count++)
|
|
channels[count].initialized = false;
|
|
|
|
v9fs_register_trans(&p9_virtio_trans);
|
|
return register_virtio_driver(&p9_virtio_drv);
|
|
}
|
|
|
|
static void __exit p9_virtio_cleanup(void)
|
|
{
|
|
unregister_virtio_driver(&p9_virtio_drv);
|
|
v9fs_unregister_trans(&p9_virtio_trans);
|
|
}
|
|
|
|
module_init(p9_virtio_init);
|
|
module_exit(p9_virtio_cleanup);
|
|
|
|
MODULE_DEVICE_TABLE(virtio, id_table);
|
|
MODULE_AUTHOR("Eric Van Hensbergen <ericvh@gmail.com>");
|
|
MODULE_DESCRIPTION("Virtio 9p Transport");
|
|
MODULE_LICENSE("GPL");
|